I work in security, and to be honest, I've been at complete loss those past few years. I barely know where to start or even how to structure my advices. The vault 7 leaks only brings confirmation to things we already heavily suspected.
I think the most fundamental need for all of us is unrestricted communication on the internet, which as of today means access to its fringe areas where a certain form free speech still exists: imageboards, IRC servers, newsgroups, yada yada. That is quite frankly the main reason I go on the internet, because I want to discuss, debate and learn, and interacting with people is the best, and if that was taken from me, I'd have next to no reason to go on the internet. And it's also the riskiest, because that's how you'll be expressing your deepest, most sincere problematic thoughts. As such, the second most fundamental need is access to sensitive materials on a variety of websites, and includes searching stuff, reading news, and downloading documents, from blogs, technical documentation, hosting platforms, news websites, and other independant websites, all relative to those same thoughts of yours.
That is what I focus the most on myself, because the crime of thought is now real. To be safe, my advice is simple: start over from scratch, live a double (or more) life, don't mix things up. I keep my usual computer, that's secured as much as I can, but from which I'll be buying stuff on Amazon and even do some minimal chan browsing, and that doesn't involve communication with people in fringe areas nor access to hard to find and/or sensitive resources. And then, when there are other things I want to do, I have airgapped devices on different networks.
So here's what I'd recommend, beyond even the technical considerations which are too many and complex to enumerate in a single post. And even then, if you can follow that, you could almost skip on the technical considerations and still be reliably safe:
You don't need a secure computer on a secure internet access to watch animu. List all your needs, but don't hope to do everything securely. The more things you'll do using the same secure device and entry door, the easier it becomes to identify you. Sort those needs based on what you can afford to do together, avoiding to mix up what can help identify you with what can get you in trouble, ie. don't call your mom and your drug dealer from same phone.
Get new untraceable hardware, don't hope to secure your existing ones. Just keep things entirely separate. Something mobile, disposable if needed, easily throwable very far for that purpose. Removable battery, systematically removed when not in use. Unless you're a wanted terrorist, cheap chink hardware on aliexpress will do, if you're worried get it used. Never put it in direct or indirect contact, wired or wireless, with anything you ever touched, used or connected to before. Disable GPS, GSM, and anything else that can leak more data than you need, physically sabotage it if possible. Tape the camera, it could still prove useful, otherwise sabotage it. Charge it using only verified cables with data pins sabotaged. Use free/pirated wifi (which you pirated with same device) to download what you need, flash/format everything with the most secure shit you can find, use proper tools. Don't store anything on it, set it to keep no history. Once on the internet, don't reuse accounts, pseudonyms, or anything else that can link it to previous internet activity, don't contact people you know, avoid pursuing similar interests. Just do what you need it for established before. If you feel the need for it, pay for a VPN or a dedicated server you set up as a proxy yourself and which can double as a mail server/file storage/imageboard server, all paid anonymously, prefer gift cards, second bitcoins paid in gift cards or temporary payment cards, finally temporary payment cards themselves if you must.